Vulnerabilities > Umbraco > Umbraco CMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2022-22690 | HTTP Request Smuggling vulnerability in Umbraco CMS Within the Umbraco CMS, a configuration element named "UmbracoApplicationUrl" (or just "ApplicationUrl") is used whenever application code needs to build a URL pointing back to the site. | 5.0 |
| 2022-01-18 | CVE-2022-22691 | HTTP Request Smuggling vulnerability in Umbraco CMS The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. | 4.3 |
| 2021-06-28 | CVE-2021-34254 | Open Redirect vulnerability in Umbraco CMS Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx. | 5.8 |
| 2020-12-30 | CVE-2020-5811 | Path Traversal vulnerability in Umbraco CMS An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. | 4.0 |
| 2020-12-30 | CVE-2020-5810 | Cross-site Scripting vulnerability in Umbraco CMS A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. | 3.5 |
| 2020-12-30 | CVE-2020-5809 | Cross-site Scripting vulnerability in Umbraco CMS A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. | 3.5 |
| 2020-12-02 | CVE-2020-29454 | Incorrect Permission Assignment for Critical Resource vulnerability in Umbraco CMS Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access. | 4.0 |
| 2020-03-16 | CVE-2020-9472 | Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3 Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality. | 4.0 |
| 2020-03-16 | CVE-2020-9471 | Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS 8.5.3 Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality. | 6.5 |
| 2020-01-23 | CVE-2020-7210 | Cross-Site Request Forgery (CSRF) vulnerability in Umbraco CMS 8.2.2 Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts. | 4.3 |